Hi all,
we want to extend the knowledge of our Rovo and the Rovo of our clients to SharePoint and Teams.
We've had some discussion with IT and IT security departments and have some questions, which we need to find additional answers to.
Basically you need to set up an Entra App Registration with "extensive" rights - so with the app registration, basically all data can and will be extracted from the sources, for syncing to and indexing in Rovo:
There is - on this end - no consideration or filtering of data to the scope of the availability of the individual user.
So if I understand that right, then ROVO is building up an additional index with the full data of sharepoint, teams, outlook in the atlassian sphere (teams graph?).
Then the query out of rovo is not directed to the sharepoint, but to the index in the atlassian sphere, and then rovo takes care of the permissions and visibility.
Do you know if there is any available material on how this permission topic is handled for the Microsoft world connected apps (Teams, SharePoint, Outlook)? How does ROVO transfer permissions, security groups etc. then for Rovo?
In the Atlassian docs I can only find: "the permissions in third party app are respected" - but that's not sufficient for some IT departments. The fear is that they cannot directly set the permissions in the Entra/Microsoft sphere but have to rely on proper handling on the Rovo/Atlassian end - and Teams / Outlook data contain personal / protected information.
What do you tell / hand over to your IT departments?
Thanks a lot for your support
--
Here is an excerpt of what I found:
Connect SharePoint to Rovo | Atlassian Support
How Rovo connector permissions are kept in sync | Atlassian Support
"This means restricted data in your connected third-party apps (for example, a private file or folder in Google Drive) can only be seen and used in Rovo by those users who already have access to that content in such third-party apps."
"Rovo relies on and respects the permissions that are set in your third-party apps. Content that isn’t restricted may appear for all users in search results, or can be used by Agents or Chat."
Hi @Georg Fankhauser - welcome to the Community!
"So if I understand that right, then ROVO is building up an additional index with the full data of sharepoint, teams, outlook in the atlassian sphere (teams graph?). Then the query out of rovo is not directed to the sharepoint, but to the index in the atlassian sphere, and then rovo takes care of the permissions and visibility."
From what I understand, Rovo builds the index, which basically replicates the data, yes. So Rovo has access to everything. However, the user querying Rovo will not see any more data than they do when they access it directly. Rovo checks permissions in the connected system (in this case SharePoint) and respects those - Rovo queries that via the user token / OAuth connection. So Rovo isn't managing the permissions separately but rather queries them from the 3rd party system.
Again, that is my understanding. I agree with the point that permission handling is documented only to the point of "trust us, we handle it", but with no real specifics.
Hi Rebecca,
thanks for your message!
In my case that missing spec / transparency (administrative topic) unfortunately prevents closing the gap between the "two worlds" (ROVO & MS) from the ROVO side.
I hoped that maybe Atlassian can provide something on that end, since in our area that might be relevant for more customers.
I don't know if Atlassian is also scanning the forum; I'll additionally use other channels to request that.
Thanks & regards
I can escalate the question to them, but yes, people like @Alex Gallien are on here - most likely with slower response times over the holidays.
Hi @Georg Fankhauser! You're definitely on the right track, another useful doc is Rovo Data Privacy and Usage Guidelines.
As you've discovered, permissions for individual documents are synced along with the content from the third party data source. Reviewing docs like Connect SharePoint to Rovo, we definitely could be more explicit about how this works. Totally see how the lack of a permissions item under the list of indexed objects could cause some alarm.
Third party connectors for Rovo are going to be a focus in the upcoming year, so expect to see improvements in their functionality, transparency, and documentation. That being said, do you have any examples of this type of spec done in a way that would meet your requirements? I'd love to have a good example to bring to the product teams.
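To make the two models described in this thread concrete (a replica index built with a privileged app registration, then trimmed per user either from a synced ACL snapshot or by re-checking the source with the user's token), here is an added Python sketch that is not Rovo's or Atlassian's code; the source system, documents, groups and the re-check behaviour are constructed assumptions. It shows the risk an IT department would ask about: a stored ACL snapshot still returns an item whose sharing was removed, or which was deleted, at the source after the last sync, while a live re-check does not.

```python
import copy

# Constructed sample data (not from the thread): a source system standing in for
# SharePoint, as seen by an app registration that can read every item.
SOURCE_DOCS = {
    "doc-1": {"text": "q3 all-hands notes", "readers": {"everyone"}},
    "doc-2": {"text": "hr salary review notes", "readers": {"hr-team"}},
    "doc-3": {"text": "teams chat notes project x", "readers": {"alice", "bob"}},
}
SOURCE_GROUPS = {"alice": {"everyone", "hr-team"}, "bob": {"everyone"}}


def sync_index(source_docs):
    """Full crawl with the privileged app token: copies content AND the ACL valid at sync time."""
    return copy.deepcopy(source_docs)


def principals(user, groups):
    """The user's own identity plus group memberships (what a user token would resolve to)."""
    return {user} | groups.get(user, set())


def search_synced_acl(index, user, groups, term):
    """Trim results using only the ACL snapshot stored in the index (stale between syncs)."""
    p = principals(user, groups)
    return sorted(k for k, d in index.items() if term in d["text"] and d["readers"] & p)


def search_live_acl(index, user, groups, term, source_docs):
    """Find candidates in the index, then re-check each one against the source's current ACL."""
    p = principals(user, groups)
    return sorted(k for k, d in index.items()
                  if term in d["text"] and k in source_docs and source_docs[k]["readers"] & p)


def revocation_gap(user="alice", term="notes"):
    """Change sharing at the source after the sync and compare what each model returns."""
    index = sync_index(SOURCE_DOCS)
    source = copy.deepcopy(SOURCE_DOCS)
    source["doc-2"]["readers"] = {"hr-lead"}   # sharing removed at the source after the last sync
    del source["doc-3"]                         # item deleted at the source after the last sync
    return {
        "synced_acl": search_synced_acl(index, user, SOURCE_GROUPS, term),
        "live_acl": search_live_acl(index, user, SOURCE_GROUPS, term, source),
    }
```

The gap closes only when the index is re-synced (or the connector re-checks the source at query time), which is the detail worth asking a vendor to document: how often ACLs are refreshed and whether a query-time check happens.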
Hi @Alex Gallien - thanks a lot for the info
and will try to provide something as a reference, but will have to wait until January since holidays are 2 mins away ;) thanks also @Rebekka Heilmann _viadee_
wish you all the best in the meantime